add basic password recovery thing

This commit is contained in:
Andrew Dolgov 2013-03-22 14:50:02 +04:00
parent 1da5179c5d
commit f43e9e97a5
5 changed files with 140 additions and 12 deletions

View File

@ -708,5 +708,92 @@ class Handler_Public extends Handler {
print json_encode(array("error" => array("code" => 7))); print json_encode(array("error" => array("code" => 7)));
} }
function forgotpass() {
header('Content-Type: text/html; charset=utf-8');
print "<html>
<head>
<title>Tiny Tiny RSS</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
<script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
<script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head>
<body id='forgotpass'>";
print '<div class="floatingLogo"><img src="images/logo_wide.png"></div>';
print "<h1>".__("Reset password")."</h1>";
@$method = $_POST['method'];
if (!$method) {
$secretkey = uniqid();
$_SESSION["secretkey"] = $secretkey;
print "<form method='POST' action='public.php'>";
print "<input type='hidden' name='secretkey' value='$secretkey'>";
print "<input type='hidden' name='method' value='do'>";
print "<input type='hidden' name='op' value='forgotpass'>";
print "<fieldset>";
print "<label>".__("Login:")."</label>";
print "<input type='text' name='login' value='' required>";
print "</fieldset>";
print "<fieldset>";
print "<label>".__("Email:")."</label>";
print "<input type='email' name='email' value='' required>";
print "</fieldset>";
print "<fieldset>";
print "<label>".__("How much is two plus two:")."</label>";
print "<input type='text' name='test' value='' required>";
print "</fieldset>";
print "<p/>";
print "<button type='submit'>".__("Reset password")."</button>";
print "</form>";
} else if ($method == 'do') {
$secretkey = $_POST["secretkey"];
$login = db_escape_string($this->link, $_POST["login"]);
$email = db_escape_string($this->link, $_POST["email"]);
$test = db_escape_string($this->link, $_POST["test"]);
if (($test != 4 && $test != 'four') || !$email || !$login) {
print_error(__('Some of the required form parameters are missing or incorrect.'));
print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
} else if ($_SESSION["secretkey"] == $secretkey) {
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE login = '$login' AND email = '$email'");
if (db_num_rows($result) != 0) {
$id = db_fetch_result($result, 0, "id");
Pref_Users::resetUserPassword($this->link, $id, false);
print "<p>".__("Completed.")."</p>";
} else {
print_error(__("Sorry, login and email combination not found."));
print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
}
} else {
print_error(__("Form secret key incorrect. Please enable cookies and try again."));
print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
}
}
print "</body>";
print "</html>";
}
} }
?> ?>

View File

@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected {
} }
} }
function resetPass() { static function resetUserPassword($link, $uid, $show_password) {
$uid = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($link, "SELECT login,email
$result = db_query($this->link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'"); FROM ttrss_users WHERE id = '$uid'");
$login = db_fetch_result($result, 0, "login"); $login = db_fetch_result($result, 0, "login");
@ -286,18 +284,20 @@ class Pref_Users extends Handler_Protected {
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
WHERE id = '$uid'"); WHERE id = '$uid'");
print T_sprintf("Changed password of user <b>%s</b> if ($show_password) {
to <b>%s</b>", $login, $tmp_user_pwd); print T_sprintf("Changed password of user <b>%s</b>
to <b>%s</b>", $login, $tmp_user_pwd);
} else {
print T_sprintf("Sending new password of user <b>%s</b>
to <b>%s</b>", $login, $email);
}
require_once 'lib/phpmailer/class.phpmailer.php'; require_once 'lib/phpmailer/class.phpmailer.php';
if ($email) { if ($email) {
print " ";
print T_sprintf("Notifying <b>%s</b>.", $email);
require_once "lib/MiniTemplator.class.php"; require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator; $tpl = new MiniTemplator;
@ -340,8 +340,11 @@ class Pref_Users extends Handler_Protected {
if (!$rc) print_error($mail->ErrorInfo); if (!$rc) print_error($mail->ErrorInfo);
} }
}
print "</div>"; function resetPass() {
$uid = db_escape_string($this->link, $_REQUEST["id"]);
Pref_Users::resetUserPassword($this->link, $uid, true);
} }
function index() { function index() {

View File

@ -65,6 +65,20 @@
font-size : 12px; font-size : 12px;
} }
a.forgotpass {
text-align : right;
font-size : 11px;
display : inline-block;
}
a {
color : #4684ff;
}
a:hover {
color : black;
}
div.footer a { div.footer a {
color : gray; color : gray;
} }
@ -179,6 +193,8 @@ function bwLimitChange(elem) {
<input type="password" name="password" required="1" <input type="password" name="password" required="1"
style="width : 220px" class="input" style="width : 220px" class="input"
value="<?php echo $_SESSION["fake_password"] ?>"/> value="<?php echo $_SESSION["fake_password"] ?>"/>
<label></label>
<a class='forgotpass' href="public.php?op=forgotpass"><?php echo __("I forgot my password") ?></a>
</div> </div>
<div class="row"> <div class="row">

View File

@ -1,7 +1,7 @@
<!-- $BeginBlock message --> <!-- $BeginBlock message -->
Hello, ${LOGIN}. Hello, ${LOGIN}.
Your password for this Tiny Tiny RSS installation has been reset by an administrator. Your password for this Tiny Tiny RSS installation has been reset.
Your new password is ${NEWPASS}, please remember it for later reference. Your new password is ${NEWPASS}, please remember it for later reference.

View File

@ -182,3 +182,25 @@ div.autocomplete ul li {
cursor : pointer; cursor : pointer;
} }
fieldset {
border-width : 0px;
padding : 0px 0px 5px 0px;
margin : 0px;
}
fieldset input {
font-family : sans-serif;
font-size : medium;
border-spacing : 2px;
border : 1px solid #b5bcc7;
padding : 2px;
}
fieldset label {
width : 120px;
margin-right : 20px;
display : inline-block;
text-align : right;
color : gray;
}